The FBI needs the private sector’s help taking down some of the largest, most complicated threats facing cyberspace. While the bureau has a wealth of technical expertise, it’s often private sector partners that develop the tactics and techniques that enable law enforcement to take action.
Speaking at the annual Black Hat conference in Las Vegas, Tom Grasso, supervisory special agent with the FBI’s Cyber Division, continually reiterated the bureau’s interest in working with the private sector, particularly when working with complex threats like botnets.
“Our overall botnet strategy really starts with the private sector … I’m looking to my private sector partners to tell me where the threats are,” he told the roomful of hackers – both white and black hat. “You guys are down in the trenches, you’re fighting the fight every day, so I want you to tell me what those threats are.”
Grasso cited the bureau’s work taking down the GameOver ZeuS botnet, ultimately dismantled by the FBI in 2014.
That network was so complex, Grasso said he had all but given up on defeating it. That resignation lasted two years, until an industry partner came to the FBI with a method of attack.
“He basically laid out the plan for us and then we put that plan into action with court orders and legal processes,” he said. “For those of you who have really good ideas on how to do things … and you maybe want to go and take the threat down yourself but you think, ‘I don’t know, it might not be quite legal,’ … we can make it legal for you to do that.”
Though lawmakers have proposed legislation that would legalize some level of “hacking back” – going after the attackers directly – those have yet to be enacted and top federal and law enforcement officials continually warn against private citizens taking vigilante action.
However, by teaming up with the FBI, individuals can do just that within the proper legal frameworks.